ddwrt-btguard-ovpn-split-278939.sh

Mar 14th, 2015
897
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 4.74 KB | None | 0 0
  1. #!/bin/sh
  2. export DEBUG= # uncomment/comment to enable/disable debug mode
  3. # http://www.dd-wrt.com/phpBB2/viewtopic.php?t=278939
  4.  
  5. SCRIPT="/tmp/btguard/route-up.sh"
  6. cat << "EOF" > $SCRIPT
  7. #!/bin/sh
  8. (
  9. [ ${DEBUG+x} ] && set -x
  10. TID="200"
  11. VPN_IF="$dev"                       # provided by OpenVPN at runtime
  12. VPN_GW="$route_vpn_gateway"         # provided by OpenVPN at runtime
  13. WAN_GW="$route_net_gateway"         # provided by OpenVPN at runtime
  14.  
  15. # copy main routing table to bypass routing table (exclude all
  16. # default gateways)
  17. ip route show | grep -Ev '^default|^0.0.0.0/1|^128.0.0.0/1' \
  18.   | while read route; do
  19.         ip route add $route table $TID
  20.     done
  21. # add VPN as default gateway
  22. ip route add default via $VPN_GW table $TID
  23.  
  24. # return WAN back to default gateway in main routing table
  25. ip route add   0.0.0.0/2 via $WAN_GW
  26. ip route add  64.0.0.0/2 via $WAN_GW
  27. ip route add 128.0.0.0/2 via $WAN_GW
  28. ip route add 192.0.0.0/2 via $WAN_GW
  29.  
  30. # force routing system to recognize our changes
  31. ip route flush cache
  32.  
  33. # add source IP(s)/network(s) to be routed over VPN
  34. ip rule add from 192.168.1.7    table $TID
  35. ip rule add from 192.168.1.113  table $TID
  36. ip rule add from 192.168.2.0/24 table $TID
  37.  
  38. ) 2>&1 | logger -t $(basename $0)[$$]
  39. EOF
  40. chmod +x $SCRIPT
  41.  
  42. SCRIPT="/tmp/btguard/route-down.sh"
  43. cat << "EOF" > $SCRIPT
  44. #!/bin/sh
  45. (
  46. [ ${DEBUG+x} ] && set -x
  47. TID="200"
  48. VPN_IF="$dev"                       # provided by OpenVPN at runtime
  49. VPN_GW="$route_vpn_gateway"         # provided by OpenVPN at runtime
  50. WAN_GW="$route_net_gateway"         # provided by OpenVPN at runtime
  51.  
  52. # reset main routing table
  53. ip route del   0.0.0.0/2 via $WAN_GW
  54. ip route del  64.0.0.0/2 via $WAN_GW
  55. ip route del 128.0.0.0/2 via $WAN_GW
  56. ip route del 192.0.0.0/2 via $WAN_GW
  57.  
  58. # delete alternate routing table
  59. ip route flush table $TID
  60.  
  61. # force routing system to recognize our changes
  62. ip route flush cache
  63.  
  64. # delete source IP(s)/network(s) to be routed over VPN
  65. ip rule del from 192.168.1.7    table $TID
  66. ip rule del from 192.168.1.113  table $TID
  67. ip rule del from 192.168.2.0/24 table $TID
  68.  
  69. ) 2>&1 | logger -t $(basename $0)[$$]
  70. EOF
  71. chmod +x $SCRIPT
  72.  
  73. USERNAME="username"
  74. PASSWORD="password"
  75. PROTOCOL="udp"
  76.  
  77. REMOTE_SERVERS="
  78. remote vpn.btguard.com 1194
  79. "
  80.  
  81. #### DO NOT CHANGE below this line ####
  82.  
  83. CA_CRT='-----BEGIN CERTIFICATE-----
  84. MIIDcjCCAtugAwIBAgIJAPKjuBleHokmMA0GCSqGSIb3DQEBBQUAMIGDMQswCQYD
  85. VQQGEwJERTEVMBMGA1UECBMMSGVzc2UtTmFzc2F1MRIwEAYDVQQHEwlGcmFua2Z1
  86. cnQxEDAOBgNVBAoTB0JUR3VhcmQxEzARBgNVBAMTCkJUR3VhcmQgQ0ExIjAgBgkq
  87. hkiG9w0BCQEWE3N1cHBvcnRAYnRndWFyZC5jb20wHhcNMTAwODA3MDc0NTA5WhcN
  88. MjAwODA0MDc0NTA5WjCBgzELMAkGA1UEBhMCREUxFTATBgNVBAgTDEhlc3NlLU5h
  89. c3NhdTESMBAGA1UEBxMJRnJhbmtmdXJ0MRAwDgYDVQQKEwdCVEd1YXJkMRMwEQYD
  90. VQQDEwpCVEd1YXJkIENBMSIwIAYJKoZIhvcNAQkBFhNzdXBwb3J0QGJ0Z3VhcmQu
  91. Y29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4cBR6VLQICqdpTsjosIQ5
  92. 9elQZSRNQFaxWW3MeRC1xpJqjkbLJ9B9IO/Q/UyOa4a3qYHg8rI43wIF/RR6bwNX
  93. 3sZ5w6TrdVBk0DFZq6lDQ8/4Kpg1dKbdAgJjvtxiyrHWFtB0jYVGTlxwBSPflc2J
  94. RZDMAVVj83gQh8ODJeGjnwIDAQABo4HrMIHoMB0GA1UdDgQWBBQCj1U+EICMz8hF
  95. ++KZ8Ld1vR0sqTCBuAYDVR0jBIGwMIGtgBQCj1U+EICMz8hF++KZ8Ld1vR0sqaGB
  96. iaSBhjCBgzELMAkGA1UEBhMCREUxFTATBgNVBAgTDEhlc3NlLU5hc3NhdTESMBAG
  97. A1UEBxMJRnJhbmtmdXJ0MRAwDgYDVQQKEwdCVEd1YXJkMRMwEQYDVQQDEwpCVEd1
  98. YXJkIENBMSIwIAYJKoZIhvcNAQkBFhNzdXBwb3J0QGJ0Z3VhcmQuY29tggkA8qO4
  99. GV4eiSYwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAgVeYTxvAonucE
  100. qWloEvzCCUWs8bS/HJ6M85WzG7FPNAXx2QbWwN3EMwKxtGc7QF8f+APoMukzsvd2
  101. vuI+1n0YwtD12cWMM9PLV2FhA2B+ajzssBTgvrbtX/SzKt0//lzrBp5Gyo6T/vO5
  102. 9KRb6DVfVWfB76+DLpTf9f3SLTgzKw==
  103. -----END CERTIFICATE-----'
  104.  
  105.  
  106. OPVPNENABLE=$(nvram get openvpncl_enable | awk '$1 == "0" {print $1}')
  107.  
  108. if [ "$OPVPNENABLE" != 0 ]
  109. then
  110.    nvram set openvpncl_enable=0
  111.    nvram commit
  112. fi
  113.  
  114. sleep 30
  115. mkdir /tmp/btguard; cd /tmp/btguard
  116. echo -e "$USERNAME\n$PASSWORD" > userpass.conf
  117. echo "$CA_CRT" > ca.crt
  118. #echo "#!/bin/sh" > route-up.sh; echo -e "#!/bin/sh\nsleep 2" > route-down.sh
  119. echo "#!/bin/sh
  120. iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
  121. iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
  122. iptables -I INPUT -i tun0 -j REJECT
  123. iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE" > /tmp/.rc_firewall
  124. chmod 644 ca.crt; chmod 600 userpass.conf
  125. #chmod 700 route-up.sh route-down.sh
  126. chmod 700 /tmp/.rc_firewall
  127. sleep 30
  128. echo "client
  129. dev tun
  130. proto $PROTOCOL
  131. script-security 2
  132. hand-window 60
  133. verb 3
  134. mute 5
  135. mtu-disc yes
  136. resolv-retry infinite
  137. nobind
  138. persist-key
  139. persist-tun
  140. keepalive 20 120
  141. reneg-sec 0
  142. log btguard.log
  143. ca ca.crt
  144. mute-replay-warnings
  145. daemon
  146. auth-user-pass userpass.conf
  147. $REMOTE_SERVERS" > openvpn.conf
  148. ln -s /tmp/btguard/btguard.log /tmp/btguard.log
  149. (killall openvpn; openvpn --config /tmp/btguard/openvpn.conf --route-up /tmp/btguard/route-up.sh --down-pre /tmp/btguard/route-down.sh) &
  150. exit 0